We've audited the industry's most critical protocols, built the tools that power secure development, and pioneered the methodologies that define excellence in smart contract security.
We're thrilled to announce Slither-MCP, a new tool that helps augment LLMs with Slither's unmatched static analysis engine. Virtually every use case for LLMs, from writing smart contracts to auditing them, can benefit from adding Slither-MCP to their toolset.
claude mcp add --transport stdio --scope user slither -- uvx --from git+https://github.com/trailofbits/slither-mcp slither-mcp

sudo ln -s ~/.local/bin/uvx /usr/local/bin/uvx

{
  "mcpServers": {
    "slither-mcp": {
      "command": "uvx --from git+https://github.com/trailofbits/slither-mcp slither-mcp"
    }
  }
}

Stay ahead of emerging threats with cutting-edge research from our security experts.
Your exchange's cold storage is only as secure as its weakest assumption. By using smart contract programmability, exchanges can build custody solutions that remain secure even when multisig keys are compromised.
The recent $1.5 billion Bybit hack exposed critical blind signing vulnerabilities. We'll demonstrate how dapp developers can protect their users using EIP-7730, which enables hardware wallets to decode transactions into human-readable formats.
Private key compromise was responsible for 43% of crypto stolen in 2024. We'll demonstrate how to design protocols that can safely tolerate private key compromise using controls such as multisigs, timelocks, and the principle of least privilege.
Custodial stablecoins reached $27.6 trillion in transaction volume last year. This post introduces a Rekt Test for custodial stablecoin issuers, offering a set of due diligence questions to help evaluate an issuer's operational resilience.
The $1.5 billion Bybit hack wasn't due to smart contract flaws but a sophisticated operational security failure. We'll explore specific threat modeling techniques that could have identified these vulnerabilities before they were exploited.
Cosmos SDK leverages strong fuzz testing extensively, following two approaches: smart fuzzing for low-level code, and dumb fuzzing for high-level simulation. We explain the differences between these approaches and show how we improved Cosmos SDK testing.
Want to discuss your blockchain security needs in person? We'll be at DevConnect 2025 and the DevConnect Security Summit (DSS) and would love to connect! Whether you're building the next generation of DeFi protocols, exploring innovative Layer 2 solutions, or need expert security guidance, our team is here to help.
DM us on X to schedule a time to chat! We're excited to meet builders and discuss how we can help secure your projects with our comprehensive audits and cutting-edge security tools.
DM @trailofblocks
We've secured billions in TVL across DeFi's most critical protocols with comprehensive audits that uncover architectural vulnerabilities and subtle logic flaws.

Comprehensive security reviews of Arbitrum's Layer 2 scaling solution, including rollup architecture and cross-chain messaging protocols.

Security audits of Uniswap's automated market maker protocols, including V3 concentrated liquidity and governance mechanisms.
In-depth security assessment of Gemini's smart contract wallet infrastructure and account abstraction implementation.
We build the tools that make blockchain security accessible to everyone.
Static analysis framework for Solidity & Vyper. Detects vulnerabilities, optimizes gas, and integrates seamlessly into CI/CD.

Property-based fuzzing for Ethereum. Finds edge cases and validates invariants through intelligent test generation.

Next-gen fuzzer with parallel execution, call sequence analysis, and comprehensive invariant testing.
A command-line tool that automates the process of generating mutants, evaluating them, and generating a report with the surviving mutations.
Mutation testing for TON smart contracts. Ensures test suites catch real vulnerabilities in FunC and Tact.
Code coverage for Solana Anchor programs. Identifies untested paths and ensures comprehensive coverage.
Join us at DevConnect and the DevConnect Security Summit (DSS) for in-depth discussions on smart contract security, tooling, and testing strategies.